RAS in NT but User in AD

  • Thread starter Thread starter Alex
  • Start date Start date
A

Alex

Hi,

We are migrating our NT domain to WIndows Server 2003 domain. The migration
will last a few weeks and I have a problem with the Windows 2000 based RAS
in the NT domain.

We will migrate all Group/User/Computer Accounts to the 2003 domain. During
that period, the RAS server will be in the NT domain. When user dial-in to
the RAS server, they can't use their new 2003 domain logon credential (they
will get a 930 error, something like the authentication server does not
respond in a timely
fashion). I guess the problem is that the RAS Server needs to be added into
the RAS and IAS Servers Domain Local Group. However, when I try to do that,
I can't see computer object in the NT domain. Is there any workaround for
that? Please kindly advise.

Thank You,
Alex
 
I believe you have to allow annoymous access for NT RAS server to authenticate with AD. Add the Everyone group and the Anonymous Logon group to the Pre-Windows 2000 Compatible Access built-in group by using Active Directory Users and Computers or the command line. For example: net localgroup "Pre-Windows 2000 Compatible Access" Everyone /ad

Hope that helps.
 
Hi Glen,

I have already did that but it doesn't work. In fact
Everyone and Anonymous was added in since our 1st site
migration when we setup ADMT.

Thanks,
Yong Teck
-----Original Message-----
I believe you have to allow annoymous access for NT RAS
Click to expand...
server to authenticate with AD. Add the Everyone group and
the Anonymous Logon group to the Pre-Windows 2000
Compatible Access built-in group by using Active Directory
Users and Computers or the command line. For example: net
localgroup "Pre-Windows 2000 Compatible Access"
Everyone /add
 
Back
Top